From nobody Mon Feb 9 08:55:17 2026 Received: from mail-qk1-f201.google.com (mail-qk1-f201.google.com [209.85.222.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8F53AD24 for ; Sun, 23 Mar 2025 07:25:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742714718; cv=none; b=NsjmVMieUa3KCcLLEv7yLLmr/vOfXXVw9UkSWm88AMs/N+1AiD+1plsLnOaas/o66AZBw3dmCQIrjC25XiF1FOMs1+p04cIJFMvp9IXl6isk3uFNv3MYIatl+4tI/6BjdB2Rah81/Q0rxFGSJiKDVNbtAjxxrN8HZORXQKmmSTg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742714718; c=relaxed/simple; bh=pjEHBPzfvEeYJItimRBKQTAk73orwkt8aka59h1vjNs=; h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=ljwp0CwOJ6sDsr9jioYcgSCgAkxPtNaY2ad9KltunjMx87rA237RhAiWNuYibj5x1oNICBJXAb6QcA8x1d3XRW1rISm1vsWYKLgq5rcSd6tTEWBYZVv7kKVGOn93ujm8BdhgrG/dUotnB/FJN+I6UYaE1VFW/aO+Fvs566wbZas= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--edumazet.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=HX2sVng8; arc=none smtp.client-ip=209.85.222.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--edumazet.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="HX2sVng8" Received: by mail-qk1-f201.google.com with SMTP id af79cd13be357-7bb849aa5fbso890486585a.0 for ; Sun, 23 Mar 2025 00:25:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1742714715; x=1743319515; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=ocoek1h3wHR+5f+ll4cNEMjKwfXiGgCdyPNt9yxsz0c=; b=HX2sVng8oXl2aqg2rbx0PNA7lDuIc47L6wG6gSjRyO8nsjUdj+0iwvhbm/+Ny/umJ0 eHvfYsbYT6YV0AGhnOuzeXZDmcE5BY2tq/TZlqfnMm/Rqrr78ly4LgNLYXUQWh2PKQoZ HGT0v+67IoLQUBiOYeQ9dzX6h7jAzVhYP4ProZVQyZ4F7RX0alC3f4M4l4oszPztg6PM I6u/6kyGglQHYnKCXW22LruWXLXqowOAdKVrWO8FhIZKzaslkQUEsNCRzft6zW3Ze+Vi AcB3v0FtKy//FwnniewPOCUyKI7YuMnHdxLDlMcygZ3HNEN5HMjAMizTBUnfJd5aaCg+ sivg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742714715; x=1743319515; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=ocoek1h3wHR+5f+ll4cNEMjKwfXiGgCdyPNt9yxsz0c=; b=IW3xlHj7oL/y4lxUjw4u+lO2/oJMy0J3SmZW+GuUpwxZ7TggeiUSItvfQXQffRckdK DvW/Hwk1/OH6eKBGtPM+ZmTEU5gnm53wRgM3F1832DwAyjfEV+vLumfua2xNHW738HaZ T3irCry8twDP8sN/L9z1c6wYEhGvbiPCHpQt1PCTrdxVQdekrLJwIDw1al0P+4MyltVQ VCYqB7f36I3dg4JHp+36Zj91IP7RPpuG8xq/PkbPpOA/KVJlTaNeKMW7YrJw6IyTyhJI fGlwSozEb//g7tglPCm3JdWMoWyqI/KS/K1vHBK3G+PAUXuR13xBeht1Lg+ISdxaren2 KTvQ== X-Gm-Message-State: AOJu0YxW3GIPRzrJidox9cHwEAXoww49MwCEuRI+N4oj09Zz7HhYeEpU /hQDMxDS1XH4WMEVSp8rJyQtIXpsvJSmr5ELW4Atc+asGuTDQpRxikVjIhauEeBj2Io0D2tBiNR /l8zsm4giGg== X-Google-Smtp-Source: AGHT+IEWgWZF6N/oTjsn9wQHDrFwRXFS8i6IktZJ+/0O2oyPVZJ2yRW/Ir7R6ApD3ALqTYnYnIF5efzt6GHTfQ== X-Received: from qkbdp6.prod.google.com ([2002:a05:620a:2b46:b0:7c5:3ce0:bd3e]) (user=edumazet job=prod-delivery.src-stubby-dispatcher) by 2002:a05:620a:4720:b0:7c5:4c49:76a6 with SMTP id af79cd13be357-7c5ba12d9bemr1402211385a.8.1742714715634; Sun, 23 Mar 2025 00:25:15 -0700 (PDT) Date: Sun, 23 Mar 2025 07:25:11 +0000 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Mailer: git-send-email 2.49.0.395.g12beb8f557-goog Message-ID: <20250323072511.2353342-1-edumazet@google.com> Subject: [PATCH] x86/alternatives: remove false sharing in poke_int3_handler() From: Eric Dumazet To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H . Peter Anvin" , Peter Zijlstra , Steven Rostedt Cc: linux-kernel , Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , x86@kernel.org, bpf@vger.kernel.org, Eric Dumazet , Greg Thelen , Stephane Eranian , Eric Dumazet Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" eBPF programs can be run 20,000,000+ times per second on busy servers. Whenever /proc/sys/kernel/bpf_stats_enabled is turned off, hundreds of calls sites are patched from text_poke_bp_batch() and we see a critical loss of performance due to false sharing on bp_desc.refs lasting up to three seconds. 51.30% server_bin [kernel.kallsyms] [k] poke_int3_handl= er | |--46.45%--poke_int3_handler | exc_int3 | asm_exc_int3 | | | |--24.26%--cls_bpf_classify | | tcf_classify | | __dev_queue_xmit | | ip6_finish_output2 | | ip6_output | | ip6_xmit | | inet6_csk_xmit | | __tcp_transmit_skb | | | | | |--9.00%--tcp_v6_do_rcv | | | tcp_v6_rcv | | | ip6_protocol_deliver_rcu | | | ip6_rcv_finish | | | ipv6_rcv | | | __netif_receive_skb | | | process_backlog | | | __napi_poll | | | net_rx_action | | | __softirqentry_text_start | | | asm_call_sysvec_on_stack | | | do_softirq_own_stack Fix this by replacing bp_desc.refs with a per-cpu bp_refs. Before the patch, on a host with 240 cpus (480 threads): echo 0 >/proc/sys/kernel/bpf_stats_enabled text_poke_bp_batch(nr_entries=3D2) text_poke_bp_batch+1 text_poke_finish+27 arch_jump_label_transform_apply+22 jump_label_update+98 __static_key_slow_dec_cpuslocked+64 static_key_slow_dec+31 bpf_stats_handler+236 proc_sys_call_handler+396 vfs_write+761 ksys_write+102 do_syscall_64+107 entry_SYSCALL_64_after_hwframe+103 Took 324 usec text_poke_bp_batch(nr_entries=3D164) text_poke_bp_batch+1 text_poke_finish+27 arch_jump_label_transform_apply+22 jump_label_update+98 __static_key_slow_dec_cpuslocked+64 static_key_slow_dec+31 bpf_stats_handler+236 proc_sys_call_handler+396 vfs_write+761 ksys_write+102 do_syscall_64+107 entry_SYSCALL_64_after_hwframe+103 Took 2655300 usec After this patch: echo 0 >/proc/sys/kernecho 0 >/proc/sys/kernel/bpf_stats_enabled text_poke_bp_batch(nr_entries=3D2) text_poke_bp_batch+1 text_poke_finish+27 arch_jump_label_transform_apply+22 jump_label_update+98 __static_key_slow_dec_cpuslocked+64 static_key_slow_dec+31 bpf_stats_handler+236 proc_sys_call_handler+396 vfs_write+761 ksys_write+102 do_syscall_64+107 entry_SYSCALL_64_after_hwframe+103 Took 519 usec text_poke_bp_batch(nr_entries=3D164) text_poke_bp_batch+1 text_poke_finish+27 arch_jump_label_transform_apply+22 jump_label_update+98 __static_key_slow_dec_cpuslocked+64 static_key_slow_dec+31 bpf_stats_handler+236 proc_sys_call_handler+396 vfs_write+761 ksys_write+102 do_syscall_64+107 entry_SYSCALL_64_after_hwframe+103 Took 702 usec Signed-off-by: Eric Dumazet --- arch/x86/kernel/alternative.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index c71b575bf229..d7afbf822c45 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -2137,28 +2137,29 @@ struct text_poke_loc { struct bp_patching_desc { struct text_poke_loc *vec; int nr_entries; - atomic_t refs; }; =20 +static DEFINE_PER_CPU(atomic_t, bp_refs); + static struct bp_patching_desc bp_desc; =20 static __always_inline struct bp_patching_desc *try_get_desc(void) { - struct bp_patching_desc *desc =3D &bp_desc; + atomic_t *refs =3D this_cpu_ptr(&bp_refs); =20 - if (!raw_atomic_inc_not_zero(&desc->refs)) + if (!raw_atomic_inc_not_zero(refs)) return NULL; =20 - return desc; + return &bp_desc; } =20 static __always_inline void put_desc(void) { - struct bp_patching_desc *desc =3D &bp_desc; + atomic_t *refs =3D this_cpu_ptr(&bp_refs); =20 smp_mb__before_atomic(); - raw_atomic_dec(&desc->refs); + raw_atomic_dec(refs); } =20 static __always_inline void *text_poke_addr(struct text_poke_loc *tp) @@ -2191,9 +2192,9 @@ noinstr int poke_int3_handler(struct pt_regs *regs) * Having observed our INT3 instruction, we now must observe * bp_desc with non-zero refcount: * - * bp_desc.refs =3D 1 INT3 - * WMB RMB - * write INT3 if (bp_desc.refs !=3D 0) + * bp_refs =3D 1 INT3 + * WMB RMB + * write INT3 if (bp_refs !=3D 0) */ smp_rmb(); =20 @@ -2299,7 +2300,8 @@ static void text_poke_bp_batch(struct text_poke_loc *= tp, unsigned int nr_entries * Corresponds to the implicit memory barrier in try_get_desc() to * ensure reading a non-zero refcount provides up to date bp_desc data. */ - atomic_set_release(&bp_desc.refs, 1); + for_each_possible_cpu(i) + atomic_set_release(per_cpu_ptr(&bp_refs, i), 1); =20 /* * Function tracing can enable thousands of places that need to be @@ -2413,8 +2415,12 @@ static void text_poke_bp_batch(struct text_poke_loc = *tp, unsigned int nr_entries /* * Remove and wait for refs to be zero. */ - if (!atomic_dec_and_test(&bp_desc.refs)) - atomic_cond_read_acquire(&bp_desc.refs, !VAL); + for_each_possible_cpu(i) { + atomic_t *refs =3D per_cpu_ptr(&bp_refs, i); + + if (!atomic_dec_and_test(refs)) + atomic_cond_read_acquire(refs, !VAL); + } } =20 static void text_poke_loc_init(struct text_poke_loc *tp, void *addr, --=20 2.49.0.395.g12beb8f557-goog